bump OTEL dependencies (CVE-2026-24051) #169

Merged: kcp-ci-bot merged 1 commit into kcp-dev:main from xrstf:bump-dependencies on Mar 5, 2026
@xrstf xrstf commented Mar 4, 2026

Summary

We have received a Dependabot alert about this dependency, so this PR updates OTEL (and only OTEL, to allow for easier backports if necessary).

What Type of PR Is This?

/kind chore

Release Notes

[CVE-2026-24051] Bump opentelemetry SDK to v1.41.0

/label tide/merge-method-squash

On-behalf-of: @SAP christoph.mewes@sap.com
@kcp-ci-bot kcp-ci-bot added these labels on Mar 4, 2026:
- kind/chore: Categorizes issue or PR as related to maintenance and other usually non-code changes.
- release-note: Denotes a PR that will be considered when it comes time to generate release notes.
- dco-signoff: yes: Indicates the PR's author has signed the DCO.
- tide/merge-method-squash: Denotes a PR that should be squashed by tide when it merges.
- size/L: Denotes a PR that changes 100-499 lines, ignoring generated files.
@ntnn ntnn left a comment

/lgtm
/approve

@kcp-ci-bot kcp-ci-bot added the lgtm Indicates that a PR is ready to be merged. label Mar 4, 2026
@kcp-ci-bot
LGTM label has been added.

Git tree hash: fb432acffbe7b3ff1ac28882ee3b0af46b348626

xrstf commented Mar 5, 2026

/approve

@kcp-ci-bot
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ntnn, xrstf

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kcp-ci-bot kcp-ci-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 5, 2026
@kcp-ci-bot kcp-ci-bot merged commit 12cbbed into kcp-dev:main Mar 5, 2026
12 checks passed
@xrstf xrstf deleted the bump-dependencies branch March 6, 2026 14:59
xrstf commented Mar 6, 2026

/cherrypick release-0.4

@kcp-ci-bot
@xrstf: #169 failed to apply on top of branch "release-0.4":

Applying: bump OTEL dependencies (CVE-2026-24051)
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
Falling back to patching base and 3-way merge...
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 bump OTEL dependencies (CVE-2026-24051)

In response to this:

/cherrypick release-0.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

xrstf added a commit to xrstf/kcp-operator that referenced this pull request Mar 6, 2026
kcp-ci-bot pushed a commit that referenced this pull request Mar 6, 2026